As the 2016 holiday shopping season gets underway, cybersecurity firms warn that hackers could cost retailers big and small millions of dollars. According to a Fortune report, hackers have the power to not only steal consumer data, but to take down entire sites—costing major retailers as well as smaller stores big profits.

For example, a site like Amazon, which sold 398 items per second over the summer, could potentially lose $2 million in sales every 10 minutes if hackers were successful in taking the site down.

This is an understandably terrifying prospect for store owners who increasingly depend on online sales to make profits. In October 2016, a hacking attack cut off customers’ access to Netflix and Kayak. Both companies made no sales while their sites were down.

Internet security experts say that hackers are also developing new tools to carry out their hacks. For example, “mega” attacks now use botnets to pummel a site with junk web traffic, overloading it and knocking it offline. Major sites like Amazon tend to have technology in place to fight off these types of attacks, but smaller shops are vulnerable. Small- and medium-size retailers can also fall victim to hackers that attempt to hold them hostage by demanding money in exchange for hackers backing off their sites.

Staying Safe as You Shop Online

With about 59 percent of holiday shoppers saying they plan on purchasing gifts online, cyber security experts say everyone should be cautious about providing information to online sites. Here are some tips to keep in mind:

Avoid simple passwords. Most people use simple or straightforward passwords, such as their birthdate or a pet’s name. However, easy passwords leave you vulnerable online, especially if you use the same password across several sites. Create a password that is a combination of letters, numbers, and symbols. You should also avoid using dates and words associated with your personal information. According to an Investopedia report, hackers quickly learn to exploit weak passwords.

Don’t store your passwords online. Storing your passwords on a spreadsheet on your computer is a bit like keeping your savings account in a coffee can on your front porch. Don’t leave a back door open for cyber thieves. Instead, opt for a low-tech approach, such as keeping a handwritten list of your passwords in a drawer in your kitchen.

Avoid risky sites. Don’t visit websites that put you at risk of a hacking attack or cyber threat. For example, music or file-sharing torrent sites are notorious for spreading viruses and giving cyber thieves easy access to your information. You should also avoid clicking on links sent to you via email. For example, if your bank sends you an email about your account, log out of your email and go directly to the bank’s website before logging in. Reputable companies generally don’t ask customers to log in via email, so be wary of any email that asks you to access a site from a link.